Ran an mbam scan earlier today with 0 results. However, following up with an Avast full scan, 2 identical ‘high risk’, HTML: Script-inf items surfaced. Avast then proposed a reboot with a further scan and although I wasn’t there at the finish, I did note that there were 4 items - 3 ‘zip archive is corrupted’ and 1 ‘CAB archive is corrupted’. After the scan, the computer had obviously rebooted and so I have no idea what happened to the corrupt items or what I should do now.
I would really appreciate advice on this.
The boot-time scan by default will scan archives; however, a scan (Quick or Full) doesn’t scan archives by default. That may be why you don’t see anything like this in a routine on-demand scan.
So as essexboy said, these are just notifications of files that can’t be scanned and why, so nothing to be concerned with.
I don’t believe they are all associated given that most were transferred to the chest on 05/02/2012, not to mention they aren’t archives.
The two main[1].htm detections are likely to be associated as they were transferred to the chest on 08/04/2012; that alert is probably what suggested the boot-time scan. These appear to have been in the browser cache (temporary internet files folder); since that is a temporary location, moving them to the chest wouldn’t have been an issue.
The win32:trojan-gen are related to MalwareBytes AntiMalware (MBAM) and are most likely to be detecting virus signatures in an update.
I suspect that if you rescan the mbamservice.exe file from the virus chest it probably won’t be detected as I suspect it is more likely to have been an FP.
Thank you for that David. Are you saying that it is possible to scan a single file in the virus chest, and if so, for my benefit and for the benefit of those as computer green as myself, how would I go about it?
Check and see if there is a copy of these files in the original location as I think that on a reboot MBAM may well have replaced them as they are in the 32bit version of Program Files on your 64bit OS (C:\Program Files x86\MalwareBytes’ AntiMalware.…) ?
If they have been replaced then you could manually remove them from the chest.
If they aren’t present in the original location, right click on the file in the chest and select Restore (do that for the other MBAM files no longer detected, as required). This Restore sends a copy back to the original location, a copy remains in the chest. Confirm that the files are in the original location and remove the copy from the chest.
For me the other three as I said being from the temporary internet files (browser cache) can be removed from the chest without adverse effect (they are temporary files).
Thank you again David. Am a bit unsure about the MBAM items since I have never seen a file let alone opened one. So I might just leave these until I am a bit more confident. Re the other ones, do you mean that I can right click and delete them? Sorry to be so stupid. :-[
Yes, right click on the file in the chest and select delete.
You aren’t opening any file, just using Windows Explorer to navigate to the location where the MBAM files in the chest were originally located (C:\Program Files x86\MalwareBytes’ AntiMalware.…) and see if MBAM has already replaced them. If not, then right click on the file in the chest and select Restore; you aren’t opening any file, you (avast) are just copying it back to the original location.
If I key in the full C:\ Program Files Malware Bytes etc I get no results. However, if I simply key in C:\Program Files I get the following:
program filles (x86), and;
program files (x86)(x86).
Are these the replacements you mentioned?
You don’t need to key in the path; you can just copy and paste it from the file in the virus chest, right click on the file and select properties or navigate to the location using Windows Explorer. Edit: see image example of finding it using Windows Explorer.
Have removed the temp files and will try to follow the instructions for the MBAMs after re-reading. Meanwhile, thanks for the tolerance and understanding.